CVE-2023-5880

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 3, 2024

Updated: Jan 11, 2024

CWE ID 79

Summary

CVE-2023-5880: The Genie Company's Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is susceptible to Cross-Site Scripting (XSS) attacks. When the device enters configuration mode, its web servers "Garage Door Control Module Setup" page becomes vulnerable. An attacker can exploit this by broadcasting a malicious SSID name containing client-side Java Script and/or HTML code. This allows the attacker to inject malicious code into the users' web browsers, potentially executing malicious actions or stealing sensitive information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tOCc13
https://www.cve.org/CVERecord?id=CVE-2023-5880
https://nvd.nist.gov/vuln/detail/CVE-2023-5880

Back to Vulnerability Database

CVE-2023-5880

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations